28th February 2013
J65nko
Hacker break-in at cPanel saw SSH trojans deployed

From http://h-online.com/-1814039

Hackers broke into a server at cPanel.net, creators and vendors of the cPanel web hosting control panel for Linux, BSD and Windows servers, and proceeded to install SSH rootkits and compromised OpenSSH packages on customer systems. Once the attack had been discovered, the company initially emailed its customers last week, calling on them to update their administrator passwords.


The company doesn't comment on the speculation that it had been a victim of SSH-abusing Linux rootkits. It does say, though, that administrators should check their systems for one of two SSH-abusing rootkits. One, as reported, involves a trojanised libkeyutils, while another saw compromised OpenSSH binaries with trojan code in sshd, ssh, ssh-keygen and ssh-askpass deployed. The company offers a page, http://go.cpanel.net/checkyourserver, which includes instructions on how to check for the trojan SSHs.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 2nd March 2013 at 12:11 AM.